[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re[4]: Firewall in an internet-caffe


As an answer for Your letter, I would like to write:

>         B. On the FTP/MAIL/WWW server. Not impossible, but risky ... if
> someone uses a weak password and gets his or her account cracked, you
> provide access to all of your external services.
>         C. On a different machine.

I'll choose B. C-maybe in the future.

> If you exclude choice C, I certainly think B is better than A ... but not
> offering the service at all is (probably) even better.

It doesn't depend on me.

> 3. As to how to use your 32 addresses ... as I said before, you haven't
> described your LAN in enough detail for me to give you more than some
> preliminary thoughts.

That's because it's so messed up now that I have to do everyting from
scratch. OK. I think, that there are misunderstangings between us, my
english is not very well, really. For example: do I understand 'router'
corectly? Does 'routing' mean passing through? I'm sure it does (hope
so), but maybe I can't immagine it corectly. I think of it as taking
request from inet provider, checking, that it's for a.b.c.5:80, but
there is no www service on a.b.c.5, because it's windows. So I reject
it. But request from a.b.c.7 is x.y.z.t:22 (SSH AFAIR). A can pass it
through, because user can connect to some server with ssh (x.y.z.t is on
internet somewhere). Is that what routing is for? Please enlighten me,
because I do know a bit, but I don't know how to call it. Sometimes even
writing in polish some people can't understand me. :-(

> If you want more feedback on that, please describe in
> a bit more detail how you intend to configure the router/firewall. For
> example, you previously said you would give it IP address a.b.c.1. Though
> this usage is common shorthand, it really is inaccurate -- *interfaces* get
> IP addresses, not *hosts*.

What do You mean saying 'interface'? (this word has many meanings)

> A router has (at least) two IP addresses, on two
> different networks. If the router/firewall's *internal* interface is
> a.b.c.1, then what is its external IP address (the one that connects the
> router to the Internet)?

OK. I'll try to explain it as clean as I can. :-)

Now it's like this:

                      C C  C
                      | | /         C  - computer with windows
+--------+           /---\-C        S1 - mandrake with www/dns/ftp/mail
|Provider|-----------|HUB|-C        S2 - mandrake with shell accounts
+--------+    /\     \---/-S1
        (Cable to hub)    \S2

Provider provides me IP's a.b.c.1 up to a.b.c.32 through Cable. Hub
broadcasts request for a.b.c.X and X (some mendrake or windows) replays
to the request saying "I'm a.b.c.X!". So it gets connection with
internet. There are 16 computers with windows (IP's .16-.32). Rest is
used by S1 and S2, because AFAIR every ftp virtual host need's separate
IP (there are 3 VirtualHosts now - one for caffe and two bought by some
companies), because VH by host name is in drafts now and it's not the
part of HTTP1.1 (so says ProFTPD FAQ).

What I want to do:
                        [S2]           C  C
                          \            | /
+--------+           ............    /---\-C
|Provider|---------- : FIREWALL :----|HUB|-C
+--------+    /\     :..........:    \---/\
        (Cable to Firewall)                C

S2 - (www/mail/ftp services), on separate eth (lets say eth1)
C  - windows (hub connected to lets say eth0)
Is this how I should do it? How to configure FIREWALL. Where should I
put DNS?
> (such as seawall, a Sourceforge project).

What's so special in SourceForge? Almost every project I hear about is
being maintained there.

> Or perhaps not ... your more recent comments indicate a greater
> breadth of knowledge than I inferred from your first message.

I became red reading this ;)

> ------------------------------------"Never tell me the odds!"---
> Ray Olszewski                                        -- Han Solo

'Carrie!' - Luke Skywalker. ;)

Best Regards
nIck: IronHand of CruX     /GCS d-(++) s:- a18 C++ UL++++ P+++ L++@ E\
maIl:                     { W+++ N+ o? K? w+++ !O M V? PS+ PE- Y PGP- }
ironhand@zsno.ids.czest.pl \t+ 5+ X- R++ tv b+ DI? D+ G++ e- h! r% y-/

Reply to: